What Dragonblood Tells Us About WiFi Security

WPA3 stumbles out the gate thanks to a familiar vulnerability.

When the long-awaited WPA3 rolled out at the
end of last year, the last thing anyone expected was for vulnerabilities in the
shiny new WiFi security protocol to be discovered before the paint was even
dry.

In a cruel irony, the security flaws – dubbed
Dragonblood – were identified by the same duo of researchers behind
the discovery of KRACK, the critical vulnerability in WPA2 that was the final
nail in the coffin for WPA3’s 14-year-old predecessor and the prompt for its
replacement.

While the WiFi Alliance have released a change
in specification for the WPA3 standard, and hardware/software vendors have
implemented the appropriate patches, the discovery of major security flaws in
such quick succession is an unwelcome reminder that we should not blindly trust
WiFi networks, even when they are supposedly “secure”. After all, who’s to say
when the next weakness will be found or who might find it?

The Key Difference between WPA2 and WPA3

WPA2 – currently
the most widely used security protocol despite it being phased out by WPA3 –
had been around for 14 years.

It was exposed in 2017
as having critical flaws that could be exploited through a hacking method known
as KRACK, which allowed malicious attackers to decrypt network traffic. This
meant that any information shared over the network, such as credit card
details, passwords or private messages, could be read by an attacker and used
for criminal activity.

The WPA3 protocol
promised a distinct improvement due to its replacement of WPA2’s 4-way
handshake with a Simultaneous Authentication of Equals (SAE) handshake,
commonly known as Dragonfly.

A Recap of WPA2 Vulnerabilities

Research led by Mathy
Vanhoef and Eyal Ronen exposed critical
security flaws in the WPA2 protocol.
These flaws allowed attackers to decrypt a user’s connection, making their
internet traffic visible as well as any personal information they shared
online. Data could also be manipulated or injected into the network with the
aim of inserting ransomware or other malware into a website.

To exploit these WPA2
flaws, an attacker would have had to be within range of the victim and carry out a
series of key reinstallation attacks (KRACK). To protect against these attacks,
users were advised to keep all devices up to date and install patches as soon as
they were made available.

Following the discovery
of KRACK, many believed WPA3 would present a significant improvement in WiFi
security.

Dragonblood Vulnerabilities Discovered in WPA3

Shortly after its
release, vulnerabilities were once again discovered in WPA3 by Vanhoef and
Ronen, raising concerns about what other flaws may be uncovered in the future.

These flaws were largely
related to the new Dragonfly handshake protocol. Crucially, this is used in
networks that require password-based authentication.

Vanhoef and Ronen
discovered five types of attack that could be successfully executed on WPA3,
collectively known as Dragonblood.

Four of these attacks were based on the exploitation of
vulnerabilities in the Dragonfly handshake protocol. These were as follows:

Security group downgrade attacks

Timing-based side-channel attacks

Cache-based side-channel attacks

Resource consumption attacks.

As well as flaws in the
handshake protocol, researchers found that downgrade attacks against the
WPA3-Transition mode could lead to dictionary attacks, enabling the recovery of
a network’s password.

These vulnerabilities
would have allowed an attacker within range of the victim to recover the
password of a network, monitor network traffic and steal sensitive information
if no further website protection such as HTTPS was used.

Soon after the discovery
of Dragonblood, the WiFi Alliance alerted manufacturers and released patches to
ensure that those already using WPA3 were protected against possible attacks.

Don’t Rely On Your Network For Security

Though the WiFi Alliance
has now patched WPA3, the discovery of Dragonblood weaknesses so soon after
its release is concerning. The fact that these flaws were found less than two
years after the discovery of KRACK suggests that it’s only a matter of time
before more weaknesses are discovered, and highlights how even password-protected
networks fail to offer complete security.

Head of Research at Top10VPN Simon Migliano says, ‘Considering that the
paint was barely dry on WPA3 before serious security flaws were discovered,
it’s not unrealistic to expect that further vulnerabilities may yet be
discovered in time.’

Migliano recommends users
take extra security measures such as using a VPN ‘for all sensitive
communications.’ VPNs work by encrypting a user’s internet connection via a
remote server, ensuring that anyone spying on the network is unable to read any
traffic sent between a device and the server.

Conclusion

Dragonblood
vulnerabilities in WPA3 have demonstrated that WiFi networks alone should not
be relied upon for the security and protection of your data.

The discovery of KRACK
weaknesses in WPA2 led consumers to believe that the development of WPA3
promised a vast improvement to WiFi security. However, the recent Dragonblood
discovery has so far proved that this is not the case.

With that in mind,
consumers should ensure they use extra measures, such as a VPN, to limit the
chances of falling victim to an attack on their network. Simply relying on your
WiFi protocol for security is likely never to be enough.